Re: Microsoft Instant Messenger

I would recommend using Jabber (http://www.jabber.org) * open source - you can audit the source * source for both client and server side - that means you can run you own internal jabber server. * support for SSL encryption We use Jabber here internally and we're very happy with it. Chris Berry [E

RE: Fxscanner and files

Check for trailing spaces in the file name. Try this MS KnowledgeBase article http://support.microsoft.com/default.aspx?scid=kb;en-us;320081 cdv Chris DeVoney Clinical Research Center Informatics University of Washington [EMAIL PROTECTED] 206-598-6816

RE: Data Compression

If you are running Apache, check out mod_gzip: http://sourceforge.net/projects/mod-gzip/ Here are some other compression solutions for various Web servers: http://www.port80software.com/surveys/top1000compression/tools Best, Chris :: :: Chris Neppes Port80 Software

RE: Blocking port 4444 for W32.Blaster.Worm

Some programs insist on using dynamic high-level ports, and you have to allow a huge range for it even though it may only use two ports at any given time. There are just some cases it's not practical to have it locked down that tight. Not using those programs also isn't always an option. |-Or

RE: Using non-printable characters in passwords

From: Meidinger Chris <[EMAIL PROTECTED]> I know you don't want to hear this, but remember that MS Windows NT or 2000 running in hybrid mode uses an NTLM hash to represent the password. This hash represents only 7 characters, meaning that if you have a 21 character password, it

RE: Network scanning

sniffing traffic on that segment and pushing it outside the network. It can create a really major incident. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg ---

RE: Transparent Screen Lock for Win NT/2000/XP

Just out of curiousity, what makes this software particularly interesting for you? Do you want to lock the servers with the event log or task manager showing, and let people who are not allowed to 'touch' the servers monitor the logs and load, or what? badenIT GmbH System Suppo

RE: Using non-printable characters in passwords

on that. It's pretty easy to disable the storing of the LM hash permanently. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Q: How many software engineers does it take to change a lightbulb ? A: It ca

WG: Anit-Virus Software

Sophos has complete remote management from an admin console. We even set up sophos to scan logins and auto install itself on domain members. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ Es gibt 10 arten von Menschen auf dem Planeten, welche die

Re: Protocol Analyser for Q3

In-Reply-To: <[EMAIL PROTECTED]> Im not sure about that particular protocol. But i will point you to agilent technologies for a protocol analyzer, weve used them at work. There a hefty price but well worth it. :) www.agilent.com Chris www.cr-secure.net >Received: (qmail 25605 inv

Port 5000 and Windows XP

service advertisments are normally IPX, which can be used anywhere that it is implemented ... primarily novell badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Original Message- From: dos cerveza [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 10

RE: verifying an open or closed port on an ip address

tabbed windows, so you can start to learn what the arguments do even before knowing they exist. The helpfile/documention is really easy to understand if you're new to this kind of stuff. And the really technical stuff you probably won't need to worry about yet... -- Chris Wanstrath : [EMAIL

RE: Event Viewer Monitoring Tool

simple if you are willing to take a day or two and write a database or set up an intelligent log server. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Original Message- From: Alastair Cook [mailto:[EMAIL PROTECTED] Sent: Monday, August 11, 2003 1:20 PM To

RE: Some 'new guy' questions

best thing you can do for your computer knowledge. Just do it. I recommend Gentoo from gentoo.org but everyone has their favorite. Any other questions feel free to mail. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Original Message- From: Sayo Venchetti

RE: UNIX password auditing tool and the search for dictionaries too

ind people entering their passwords, be careful. You are liable to get slapped. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Original Message- From: Adam Newhard [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2003 3:42 PM To: [EMAIL PROTECTED] Subject

Re: Anit-Virus Software

an install all the clients remotely over the network at the push of a button. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Q: How many software engineers does it take to change a lightbulb ? A: It can

AW: Anit-Virus Software

It's a good idea to use one product on clients and another on the gateways so that you benefit from two signature bases / two heuristic approaches from two different companies. just a thought, not criticism. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Fre

RE: file transfer over outbound port 80?

If port 80 is open, but does not go over a proxy, just have your FTP Server listen there and set it for passive mode. If port 80 does use a proxy, check to see if you can proxy your FTP over that too. Most organizations allow proxied FTP, just not direct. badenIT GmbH System Support Chris

AW: source LAN port 137 dest 169.x

The vetrinarian's mouth: cat /usr/share/nmap/nmap-services | grep I do not mean this facetiously. Unfortunately IANA doesn't assign official ports to backdoors. -chris -Ursprüngliche Nachricht- Von: David Gillett [mailto:[EMAIL PROTECTED] Gesendet: Thursday, July 31, 2003

RE: Using non-printable characters in passwords

ur 21 char pass is barely stronger than a 7 character password. For this reaason complexity is very important in windows, and not length. just a reminder for anyone in a windows environment who is setting password requirements. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Fre

Fw: Securing Web access from internet

entire transaction, its briliant. Let me know if you need more info? - Original Message - From: "Meidinger Chris" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "'Bob Freeman'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, Au

RE: Securing IIS Server

Also, modify header data and TCP/IP settings defeat tools like Nmap... http://www.port80software.com/support/articles/maskyourwebserver - Chris :: :: Chris Neppes Port80 Software, Inc. www.port80software.com 5252 Balboa Ave., Ste. 605 San Diego, CA 92117 [EMAIL

RE: Network scanning

s to the switch? |-Original Message- |From: Sebastian Schneider [mailto:[EMAIL PROTECTED] |Sent: Friday, August 08, 2003 3:10 PM |To: CHRIS GRABENSTEIN; [EMAIL PROTECTED] |Subject: Re: Network scanning | | |On Friday 08 August 2003 14:19, CHRIS GRABENSTEIN wrote: | |> As far as the hard wires

SSH mail server experiments

A week ago I started a webhosting service for subdomains at http://crystal-ninja.cjb.net . Now, ofcourse, people need to ftp into their public_html directory in their home dirs. I'm using proFTPd for that. But now for the problem: I just got the idea to make a funny mail service. People should b

RE: Nortel Contivity VPN and Firewalls

Our firewall people just looked at that. I believe it is UDP 500. cdv Chris DeVoney Clinical Research Center Informatics University of Washington [EMAIL PROTECTED] 206-598-6816 > -Original Message- > From: [EMAIL PROTECTED] [

RE: Network scanning

I don't think there is a really good way to do it. Filtering by MAC on the access point is good, but MACs can be spoofed. The packets of course can still be sniffed which could provide a lot of info. I'd recommend something like LEAP authentication with Cisco access points. You have to use all-

Re: XP Box appears to be compromised

In-Reply-To: <[EMAIL PROTECTED]> Easiest way to do this is to open a prompt on the box and simply type "netstat -a" if theres someone connected to the box it should point you right to their IP address. Chris www.cr-secure.net >Received: (qmail 22282 invoked from netw

AW: Securing Web access from internet

I agree, authenticating on the firewall is the best way to go. checkpoint fw-1 and rsa secureid work great together too for this. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ Es gibt 10 arten von Menschen auf dem Planeten, welche die Binär

AW: XP Box appears to be compromised

t person x was using ip y during the illegal movements. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ Es gibt 10 arten von Menschen auf dem Planeten, welche die Binär verstehen, und welche die es nicht tun. -Ursprüngliche Nachricht-

AW: Anit-Virus Software

I am very fond of Sophos AV from www.sophos.com. I have had it in production with signiture replication over 6 sites with about 3000 users and it worked like a charm. Licensing should also be fitting, they are pretty flexible. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108

Re: Securing IIS Server

canner) or theres many others on the net im just not sure where at the moment. The IIS Lock down tools do work well also, they filter out alot of directory traversal attacks. Chris http://www.cr-secure.net (soon) >Received: (qmail 16214 invoked from network); 5 Aug 2003 15:41:17 -

AW: User Tracking & Audit on Unix Systems

try the acct (sometimes called pacct) software set badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ Es gibt 10 arten von Menschen auf dem Planeten, welche die Binär verstehen, und welche die es nicht tun. -Ursprüngliche Nachricht- Von

AW: Problems installing Nessus

probably a week - to get everything working, but trust me, you will learn much much more that will help you on the linux road... Just my 2/25 of a quarter...) badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ Es gibt 10 arten von Menschen auf dem Planeten

AW: Windows XP computer spewing packets

18 packets / sec when each port is being opened (meaning not in an ongoing TCP Connection, but for example in a port scan) is a good average badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ Es gibt 10 arten von Menschen auf dem Planeten, welche die

RE: Question for all

though), would be to go to administrative tools, computer management, and remove the offending service there. Bob You can intall the XP version and it works fine. Also you can add a control applet called startup control, or use a program called regcleaner which also has a startup panel. Chris Berry

Re: Question for all

leaning out garbage like that. If it works you might consider sending a donation, the developer does all that work for free. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Q: How many software engineers does it take to change a lightbulb ? A: It can't be done; it

Re: Windows XP computer spewing packets

e some sort of broadcast storm due to misconfigured settings etc.. Try the packet sniffer first before you do anything else, its important to know what kind of traffic is leaving the box before you try and fix the problem. Chris http://elusive.filetap.com >Received: (qmail 12376 invoked fro

Re: ping, traceroute, nampwin doesnt seem to work

install them all over. Use zone alarm for a personal firewall its a much better personal windows firewall in my honest opinion. -- Chris http://elusive.filetap.com >Received: (qmail 2163 invoked from network); 30 Jul 2003 15:42:55 - >Received: from outgoing2.securityfocus.com

Re: Redhat 8.0 networking/routing/security issue...

ES as well. http://www.netfilter.org/ My honest advice to you would be to buy a 40$ home DSL/CABLE router, its much more secure and easier then securing a first time RedHat install seeing as your a bit new to it. Hope that helps even a little bit. Chris http://elusive.filetap.com >Received: (qmai

Re: 2NIC's on same network, possible?

Ok, I had never seen it put in that way before. I had known about the /32 bit notation, but I had only seen the /e used as a netmask on the address. Whereas /25 would be 255.255.255.128 in decimal notation. So I had never seen it referred to 2**8 - 1 before. Chris From: Justin Pryzby

Re: Removing xupiter, spyware, malware

Ad Aware works quite well... From: "Bill Hardstone" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Removing xupiter, spyware, malware Date: Tue, 29 Jul 2003 06:14:06 -0400 Greetings, Anyone has positively removed spyware/ adware/ malware/parasites i.e. xupiters a

Re: Trusting localhost?

ss and actually exploiting your application are like i said really low. --chris http://elusive.filetap.com >Received: (qmail 20693 invoked from network); 25 Jul 2003 15:27:22 - >Received: from outgoing2.securityfocus.com (205.206.231.26) > by mail.securityfocus.com with SMTP; 25 Jul 2003

Re: problem on personal pc not server

to check if something is running is process explorer from sysinternals (www.sysinternals.com). It has helped me in numerous situations that things seem strange and when I checked what processes are running, I discovered what was draining the system and what was doing the damage. Chris From

Re: problem on personal pc not server

It is a virus, probably Magistra.Worm. Check your Antivirus definitions. Otherwise go to Trend Micro's HouseCall and perform a Virus Scan. From: "Enquiries" <[EMAIL PROTECTED]> Reply-To: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: problem on personal pc not server Date: Thu, 24 Jul 2

RE: finding who has logged in on Win2k Pro

I'm not sure how reliable this is, but I generally check the modified date on ntuser.dat under each profile directory. This would only work with local profiles I believe and could be circumvented if the user is so motivated. Does anyone know of problems with this method assuming the user isn't ove

Re: building an FAQ for Security-Basics

From: "Dana Epp" <[EMAIL PROTECTED]> How about setting something up like a wiki and allowing for the public to build the FAQ from that? That sounds like a much better idea than most that have been brought up so far. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associate

Re: building an FAQ for Security-Basics

Apache/IIS configurations, or atleast a link to where you can read about secure webserver configurations. 4. Setting up basic firewall ACL's. How to block/open ports. Ok thats all :) -- Chris http://elusive.filetap.com >Received: (qmail 23684 invoked from network); 18 Jul 2003

Re: QMail Question

set up using life with qmail instead, that's what all the serious qmail admins follow. www.lifewithqmail.org Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "The number of the beast — vi vi vi." --Delexa Jones _

RE: AW: Multi-User Access to Password Database

trick? Perl has some pretty easy to use encryption modules, should be fairly simple to set up what you're looking for, probably less than a week of coding by one of your staff. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "The number of the beast — vi vi vi."

Re: Harassment by SSL Provider?

> I received this mail below, and call me paranoid, but I think > this may be a ploy by Thawte to generate additional business. I disagree. This may very well be a chance for Thawte to lose money due to the flaws in their system. I feel that they are working the best they can to ensure that thes

RE: New trojan turns home PCs into porno Web site hosts

I'm not sure, but I'd imagine that when a host is having traffic directed towards it, the next DNS change(s) is already working through the system. Maybe DNS updates are made every 10 minutes, but the actual window that it's in effect fluctuates a bit. |-Original Message- |From: James [mai

Re: AW: Multi-User Access to Password Database

I'm not sure how well this would scale, but it seems like a good system. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Encrypt everything, and ask questions later." _ Tired of spam? Get advan

RE: Deploying Microsoft patches

l doesn't compare to PatchLink (IMHO). Good luck. Chris -Original Message- From: Su Wadlow [mailto:[EMAIL PROTECTED] Sent: Friday, July 11, 2003 2:28 PM To: [EMAIL PROTECTED] Subject: Re: Deploying Microsoft patches --On Friday, July 11, 2003 2:47 AM -0700 Ronish Mehta

AW: cracking tool named 'nc' ?

our stuff. Hope this was a help, badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ Es gibt 10 arten von Menschen auf dem Planeten, welche die Binär verstehen, und welche die es nicht tun. -Ursprüngliche Nachricht- Von: Ivan Coric [mailto:[

AW: Multi-User Access to Password Database

out on a need to know basis. There are, in my opinion, many advantages to having a human factor in the equation rather than relying on machines. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ Es gibt 10 arten von Menschen auf dem Planeten, welche die

Re: Top 10 (secure) programs

dows* or is there added functionality? Do you think there's anything in the port (or anything that may have been added) that could make it any more or less secure than running it on a *nix server? Sincerely, Chris Ess System Administrator / CDTT (Certified Duct Tape Technician) ---

AW: What runs on TCP 55317?

ld be listening on that port. I would be happy to help you more if you like. Just send me email with the results of the four things above. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Ursprüngliche Nachricht- Von: Charley Hamilton [mailto:[EMAIL PROT

AW: Getting an IP address from a MAC address

addys and wanted to mention that i noticed this. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Ursprüngliche Nachricht- Von: Sanjay Arora [mailto:[EMAIL PROTECTED] Gesendet: Saturday, July 05, 2003 5:25 PM An: [EMAIL PROTECTED] Betreff: Re: Getting an IP

Practices in installing and securing services (Re: Ten least secureprograms)

your own answers to the above. Additional knowledge can't hurt, right?) Thanks in advance to all. Sincerely, Chris Ess System Administrator / CDTT (Certified Duct Tape Technician) --- Evaluating SSL VPNs' Consider NEOTERIS

Re: Top 10 (secure) programs

d into a web browser. I am personally unaware of any security issues with Eudora in the recent future, but my memory could be lying to me. Sincerely, Chris Ess System Administrator / CDTT (Certified Duct Tape Technician)

AW: Ten least secure programs

Hey, even Trinity exploited SSH in The Matrix. How hard can it be? It's like anything else: there is the occaisonal 'sploit, but misconfiguration is the real danger. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Ursprüngliche Nachricht- Von: C

AW: Proxy Server

Woah slow down there pardner. If you buy any proxy server because it can do "etc." then you made a bad decision. Tell us more exactly what you want and we can recommend, but there are a lot of proxy servers that support etc. badenIT GmbH System Support Chris Meidinger Tulla

AW: Best Linux Distribution for laptop - Debian is not proper for laptop?

I use gentoo linux from www.gentoo.org on all my boxes, both my private and work machines. Runs great on an IBM T23, and i've had it on T21, A31p and other Lappys. It's worth a look for sure. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Urs

RE: Ten least secure programs

e this product extensively, and while there have been a few problems discovered, for the most part it seems very secure, do you have something to add to your earlier statement? By the way, you can disable root logins fairly easily. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates &q

RE: Ten least secure programs

From: <[EMAIL PROTECTED]> I recommend the following be identified as the most insecure: 1. Freeware 2. Shareware I fail to see how the license can make software insecure, qmail is free as in beer, yet is very secure. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates &q

Re: Ten least secure programs

From: Ansgar Wiechers <[EMAIL PROTECTED]> On 2003-07-01 Chris Berry wrote: > > From: "Depp, Dennis M." <[EMAIL PROTECTED]> > > I think you left off the biggest security leak at Microsoft, namely > > Internet Explorer (any version). > > I didn't t

Re: Ten least secure programs

ufacturer. Use white box, it's cheaper. 7 Anything with a button. That's what safety covers are for. 8 Calculators. Well, my old HP48SX has an infra-red port, so I suppose theoretically it could be hacked. 9 Davlid Letterman. Agreed, maybe I should add that to my list. 10 rm -rf / Th

RE: Ten worst programs

o change the mentality from "I need X software, do it or else" to "I need to do X task, can you recommend and set up something to care of this" Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Encrypt everything, and ask questions later." _

AW: Central Win2000 auditing logs

Willing but unable due to internal company regulations. Log files are a touchy issue, can't have that stuff archived on the public net. If you would like to know more about how we did it please feel free to give me a private mail. badenIT GmbH System Support Chris Meidinger Tullastras

RE: Central Win2000 auditing logs

Are you willing to share some of that .HTA code with the rest of us? I would be interested in seeing how it is done with the .hta code. Thanks, Chris [EMAIL PROTECTED] -Original Message- From: Meidinger Chris [mailto:[EMAIL PROTECTED] Sent: Friday, July 04, 2003 5:15 AM To: 'St

RE: Getting an IP address from a MAC address

Bob, Do you know if it is possible to set two IP's on a Micro$oft Server for use for one to access the internet and the other to accept VPN connections. Chris From: "Bob Walker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]> Subject: RE:

AW: Central Win2000 auditing logs

ted to you could dump them much more often. If you want it in real time though, i suspect you will need either a commercial product or you will have to take a deep look into the windows log architecture. Cheap, but effective. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 7910

Re: [misc-sec] Re: Ten least secure programs

t low level, therefore there isn't much we can do about it. However even if that were not true, C is so widespread there is no practical way to stop using it. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Encrypt everything, an

AW: Port scanning question

t block that host on the firewall. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Ursprüngliche Nachricht- Von: Thom Larner [mailto:[EMAIL PROTECTED] Gesendet: Tuesday, July 01, 2003 1:38 AM An: '[EMAIL PROTECTED]' Betreff: Port scanning que

Re: Ten least secure programs

ng else. DJBDNS http://www.djbdns.org/ I like Dan's software (I use qmail right now), is that a full replacement or just a small subset? Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Encrypt everything, and ask questions later."

WG: Security issue in Windows 2000?

f you move your domain to native mode and implement Kerberos authentication (list - correct me if i am wrong) you should get rid of this problem. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Ursprüngliche Nachricht- Von: hong li [mailto:[EMAIL PROTECTED] Gese

RE: Ten least secure programs

From: Jacob <[EMAIL PROTECTED]> Remote Registry Service What's dangerous about that, you have to be logged in as admin to use it anyways, if they have access to that account you're already screwed. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Encryp

RE: Ten least secure programs

From: NC Agent <[EMAIL PROTECTED]> Chris, I don't mean to be rude, but I think you have that wrong. I don't think any of these are as vulnerable as Windows 9x and ME. Telnet certainly doesn't have the user base as these products. I would certainly put these at the top of the

Re: Ten least secure programs

ce DEC 2001 when I got hired here. Would you believe they had everyone using the same password and 50% of the employees were in the domain admins group? My policy is to lock it down till they start screaming bloody murder, then back off just a little. You have to do this slowly though or it inter

RE: Ten least secure programs

itself BIND - Really bad history of problems, monolithic, too much root, use djbdns instead - Still looking for one more Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Encrypt everything, and ask questions later." ___

Re: FW: Ten least secure programs

best OS I've ever used for a desktop. However I do feel that some of their software is poorly written and designed to do too much all in one package. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Encrypt everything, and ask questions later." __

Re: Ten least secure programs

y secure" for the moment by applying the patches, but most of things I listed have a history of new vulnerabilities popping up all the time, which was what I was trying to get across. How many people have had to cancel their vacation becuase of a qmail or postfix vulnerability - Zero, how many

Re: Oh Dear, Where to start?!

From: Paul Hawkinson <[EMAIL PROTECTED]> Chris didn't mention that he was talking about the AVG free edition. We are running AVG on our servers and workstations. It is really a great piece of antivirus software. That part must have gotten snipped out because what I was originally tal

Re: Ten least secure programs

lack of encryption). That's mostly what I was looking for, programs etc. whose basic design is poor and has a tendency to produce a higher amount of security problems than their alternatives, my apologies if I was a bit unclear. Chris Berry [E

RE: Ten least secure programs

From: "Simon Quirk" <[EMAIL PROTECTED]> Chris Berry said: > But if you have an actual arguement I'd be happy to hear it. How about: So Apache has like 17 vs maybe 50 or so for IIS, that seems relevant to me. And that's just the http, whereas iis does http, smtp, ftp.

Re: Ten least secure programs

tp://www.linuxsecurity.com/articles/documentation_article-6857.html for a four part article on making the switch.) I like Dan's software (using qmail now) is dbjdns a full replacement or just a small subset? Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Encrypt

Re: Ten least secure programs

From: Devdas Bhagat <[EMAIL PROTECTED]> On 28/06/03 15:08 -0700, Chris Berry wrote: > I'm putting together a list of what seem to be the ten least secure computer > items in use today with the idea of having a set of things to recommend 1) Passwords. Use RSA/DSA keys instead. P

Re: Ten least secure programs

allowing users to run arbitrary code. Well, I was looking more for thing that were poorly designed. IPv4 should be on there too. Can't really do much about that. Oh, and network HP printers if that counts Uh, why? Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Encrypt

Re: Ten least secure programs

rver 5) Wireless networking - Unless used with extreme paranoia 6) PHP - It seems to make it easy to write insecure code. 7) R services (rsh, rcp, rlogin) 8) ActiveX - mostly because of what it's used for not the actual protocol. 9) BIND 10) ? Chris Berry [EMAIL PROTECTED]

RE: Ten least secure programs

Depending on your clients, you might list such things as KAZAA and Hotbar. Chris Smith Network Administrator USA Hockey, Inc. -Original Message- From: Chris Berry [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2003 11:50 AM To: [EMAIL PROTECTED] Subject: RE: Ten least secure programs

Re: Ten least secure programs

atives, but right now I'm exploring djbdns to see if it's a full replacement. Another candidate would be the "r" services (rsh, rlogin, rcp, etc.) Yeah, I added those, alot of people have mentioned them. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associate

Data encryption before storage

atly appreciate any input, pointer, suggestions. Chris --- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat

RE: Ten least secure programs

osoft IIS 3.0/4.0 Upgrade BDIR.HTR Vulnerability 1999-06-01: Microsoft IIS Long URL Denial of Service Vulnerability I think you should also include FTP and NFS in your list. FTP I'm researching, I've heard that some FTP servers are exploitable. What's wrong with NFS? Chri

Re: Ten least secure programs

truly objective, well researched list to answer your question as it currently stands. I'm not looking for objectivity, I'm looking for subjective opinions of experts. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Encrypt everything, and ask questions later."

Re: Ten least secure programs

python ;^P It just seems like I get a ton of vulnerability reports from PHP itself and programs written using it, could be because it's popular, but I don't think that's the whole story. Chris Berry [EMAIL PROTE

RE: Ten least secure programs

t IIS '../..' Denial of Service Vulnerability 1999-06-01: IIS 4.0 fpcount.exe Buffer Overflow Vulnerability 1999-06-01: Microsoft IIS 3.0/4.0 Upgrade BDIR.HTR Vulnerability 1999-06-01: Microsoft IIS Long URL Denial of Service Vulnerability But if you have an actual arguement I'd be ha

RE: Ten least secure programs

From: "Paul Kurczaba" <[EMAIL PROTECTED]> 7) AOL Instant Messanger Hadn't heard of that being a problem, what's wrong with it? Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Encrypt ever

RE: Ten least secure programs

browsers in general. 9)Windows Media Player Haven't heard of many problems here, what gives? 10)Microsoft Outlook (yes, it needs to be listed twice) Probably should be but I'm only listing things once, hehe. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates &qu

RE: Ten least secure programs

Chris, I don't mean to be rude, but I think you have that wrong. I don't think any of these are as vulnerable as Windows 9x and ME. Telnet certainly doesn't have the user base as these products. I would certainly put these at the top of the list - especially if they are

Re: Ten least secure programs

e or useability bugs, only security ones, so I don't agree. If your IE is fully patched and configured it's not that bad. (though I personally use Mozilla instead because of the nice features). Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "En

  1   2   3   4   5   6   >